Broad and narrow definitions of data breaches

A data breach refers to a security incident where unauthorized individuals gain access to sensitive or confidential information stored in a computer system, network, or database. This breach may result in the unauthorized acquisition, disclosure, or use of the compromised data, potentially causing harm to individuals or organizations affected. Data breaches can occur due to cyberattacks, insider threats, or accidental exposure, and they pose significant risks to privacy, security, and reputation.

Some examples of a security breach are:

• when a hacker breaks into your computer network  
• when a computer device, thumb drive, phone, or some other device is lost or stolen  
• even when paper files containing personal or sensitive information are lost (e.g., via a lost or stolen briefcase) or discarded without first being shredded  

Some sources more specifically define a data breach as the confirmed access and use of confidential data for illegal purposes. This narrower definition shifts the focus of a data breach from the party that may have (however inadvertently) disclosed or permitted disclosure of information and places the focus solely on the cyber thieves, hackers, or cyber criminals. The problem with this narrower focus is that it may lead one to believe that a breach is really not a problem until there is proven evidence of medical theft, identity theft, or other financial loss to the individual whose information was accessed.